Facebook API - Session still exists after user logs out

I am using the Facebook php-sdk in my Facebook iframe application to get the login status. Immediately after I log out of my Facebook account (Account > Logout), the session has not yet been destroyed. I have to wait a few minutes for the old session to expire, after which my application again receives the correct login status.

I expect Facebook to kill the session itself when the user selects Logout. How do I manually kill a session?

Here is my code:

    $initParams = array(
        'appId'  => $conf['app_id'],
        'secret' => $conf['secret_api_key'],
        'cookie' => TRUE,
    );
    $fb = new Facebook($initParams);
    $fb->getSession(); // will return a session object even though user signed out!

SOLVED:

Calling $fb->api('/me') destroys the session if the user has previously logged out. I changed my code as follows:

    if ($session) {
        try {
            $fbuid = $fb->getUser();
            $me = $fb->api('/me');
        } catch (FacebookApiException $e) {
            // API call failed; nothing else is done here
        }
    }

If the API call is unsuccessful, $session will be set to NULL. Very strange behavior. I cannot explain everything that happens here, but it solved my problem of the residual session object not being updated by the getSession() method.

+7
7 answers

I use $fb->getUser(), and what I did was almost identical to yours.

    if ($fb->getUser()) {
        try {
            $me = $fb->api('/me');
        } catch (FacebookApiException $e) {
            $fb->destroySession();
        }
    }

I found that using only the API to check whether FB has logged out or not is sometimes inconsistent, but with destroySession(), the session will certainly be destroyed.

+7

If you use JavaScript calls to FB.init on the login page, then set the parameter to false to true.

status attribute information: http://developers.facebook.com/docs/reference/javascript/FB.init/

+3

Try to find the formatData function somewhere in LoginWindow (AS3) and find this line:

 vars.redirect_uri = FacebookURLDefaults.LOGIN_SUCCESS_URL 

Change the value to http://www.facebook.com/ and exit this HTML page at login.

This is a temporary solution to log out if you are a developer and not an end user.

+1

Facebook must disconnect the session from the account to which the session belonged. You can use the function Facebook::getUser() to check if this has been done:

    if ($fb->getUser() === null) {
        // User logged out
    } else {
        // User logged in
    }

0

Try $facebook->setSession(null) or using javascript <a href="/logout/" onclick="FB.logout();">Logout</a>

0

Logging out does not work.

Try pasting this link in your browser after logging in to Facebook.

https://www.facebook.com/logout.php

What happened? This will lead you to your Facebook. No logout.

Whatever you do, check the handleLogout function (depending on your API) and check the output. In my case, it returns the whole HTML Facebook page.

0

The only way to solve this problem is to clear the session using a signed request in order to verify the user ID:

    $facebook = Membership::getFacebookApp();
    $signed_request = $facebook->getSignedRequest();
    if (isset($_SESSION['facebook_id']) && $signed_request['user_id'] != (int)$_SESSION['facebook_id']) {
        // The signed request names a different user: clear the local session
        $_SESSION = array();
    }

0
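
The signed-request check from the last answer, written out without the SDK as an added example (it is not code from any of the posters or from the Facebook SDK): it verifies the HMAC-SHA256 signature on the signed_request before trusting its user_id, then keeps the local session only if that user matches. The function names, secret and user IDs are constructed for illustration, and hash_equals() assumes PHP 5.6 or later.

```php
<?php
// Added example: names, secret and IDs are constructed for illustration.

function b64url_decode($s)
{
    return base64_decode(strtr($s, '-_', '+/'), true);
}

// Returns the decoded payload, or null if malformed or the HMAC is wrong.
function parse_signed_request($signedRequest, $appSecret)
{
    $parts = explode('.', (string) $signedRequest, 2);
    if (count($parts) !== 2) {
        return null;
    }
    list($encodedSig, $payload) = $parts;
    $sig  = b64url_decode($encodedSig);
    $data = json_decode((string) b64url_decode($payload), true);
    if ($sig === false || !is_array($data)
        || !isset($data['algorithm']) || $data['algorithm'] !== 'HMAC-SHA256') {
        return null;
    }
    // The signature covers the still-encoded payload, keyed with the app secret.
    $expected = hash_hmac('sha256', $payload, $appSecret, true);
    return hash_equals($expected, $sig) ? $data : null;
}

// Keeps the local session only if the verified request names the same user.
function reconcile_session(array $session, $signedRequest, $appSecret)
{
    if (!isset($session['facebook_id'])) {
        return $session;
    }
    $data = parse_signed_request($signedRequest, $appSecret);
    // Compare as strings: Facebook user IDs can exceed a 32-bit integer.
    $uid = isset($data['user_id']) ? (string) $data['user_id'] : null;
    return ($uid === (string) $session['facebook_id']) ? $session : array();
}

// Constructed request for user 1000001, signed with a made-up secret.
$secret  = 'constructed-app-secret';
$enc     = function ($raw) { return rtrim(strtr(base64_encode($raw), '+/', '-_'), '='); };
$payload = $enc(json_encode(array('algorithm' => 'HMAC-SHA256', 'user_id' => '1000001')));
$request = $enc(hash_hmac('sha256', $payload, $secret, true)) . '.' . $payload;

var_dump(reconcile_session(array('facebook_id' => '1000001'), $request, $secret));       // same user
var_dump(reconcile_session(array('facebook_id' => '1000002'), $request, $secret));       // different user
var_dump(reconcile_session(array('facebook_id' => '1000001'), 'A' . $request, $secret)); // altered signature
```

In an application the result would be assigned back to $_SESSION, with the signed_request taken from the request Facebook sends to the iframe page.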
